The Reserve Bank of India has released draft guidelines proposing a compensation framework for victims of small-value digital payment fraud, marking the first update to its customer protection rules since 2017. Under the proposed framework, victims would receive compensation of 85 per cent of the loss amount or Rs 25,000, whichever is lower, available as a once-in-a-lifetime benefit.
The draft, released in early March 2026 with comments invited until April 6, 2026, targets the growing volume of digital payment scams involving amounts under Rs 50,000. In a notable departure from existing rules, the RBI has indicated that first-time victims may receive compensation even in cases where one-time passwords were shared, acknowledging the increasing sophistication of social engineering attacks targeting UPI, NEFT, and other digital payment users.
The proposed cost-sharing model distributes the compensation burden across three parties. The RBI would bear 65 per cent of the payout, with the customer's bank and the beneficiary bank each contributing 10 per cent. The framework defines fraudulent transactions broadly to include those executed using credentials obtained fraudulently, transactions carried out under pressure or threat from a third party, and cases where customers are tricked into transferring funds to scammers posing as legitimate recipients.
The central bank has also proposed mandatory SMS alerts for transactions above Rs 500 and expedited complaint resolution timelines as complementary consumer protection measures. If adopted, the framework would come into effect from July 1, 2026, alongside the risk-based authentication framework already scheduled for April 1, 2026. Together these measures represent the most significant overhaul of India's digital payment consumer protection regime in nearly a decade, reflecting the reality that UPI now processes over 20 billion transactions monthly and digital fraud complaints have risen in proportion to adoption.